PT-2015-1894 · Cisco · Cisco ASA

Published: 2015-08-12 · Updated: 2023-08-11 · CVE-2015-4321

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) Software versions 9.3(1.50) through 9.3(3)
Cisco Adaptive Security Appliance (ASA) Software version 9.4(1)

Description

The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table. This allows remote attackers to bypass uRPF validation via spoofed packets. The vulnerability exists due to insufficient input validation, which can be exploited by sending specially crafted IP packets to bypass the uRPF mechanism designed to protect against IP address spoofing.

Recommendations

For version 9.3(1.50), update to a fixed version to resolve the issue.
For version 9.3(2.100), update to a fixed version to resolve the issue.
For version 9.3(3), update to a fixed version to resolve the issue.
For version 9.4(1), update to a fixed version to resolve the issue.

As a temporary workaround, consider restricting access to the uRPF feature until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-11240
CVE-2015-4321

Affected Products

Cisco ASA